Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump gradle from 8.8 to 8.10.2 #15226

Merged
merged 11 commits into from
Sep 27, 2024
Merged

Bump gradle from 8.8 to 8.10.2 #15226

merged 11 commits into from
Sep 27, 2024

Conversation

snesm
Copy link
Contributor

@snesm snesm commented Jul 17, 2024
edited
Loading

This PR updates Gradle from 8.8 to 8.10.2.

If you are suggesting a fix for a currently exploitable issue, please disclose the issue to the prime-reportstream team directly outside of GitHub instead of filing a PR, so we may immediately patch the affected systems before a disclosure. See SECURITY.md/Reporting a Vulnerability for more information.

Test Steps:

  1. Include steps to test these changes

Changes

Checklist

Testing

  • Tested locally?
  • Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • (For Changes to /frontend-react/...) Ran npm run lint:write?
  • Added tests?

Process

  • Are there licensing issues with any new dependencies introduced?
  • Includes a summary of what a code reviewer should test/verify?
  • Updated the release notes?
  • Database changes are submitted as a separate PR?
  • DevOps team has been notified if PR requires ops support?

Linked Issues

  • Fixes #issue

To Be Done

Create GitHub issues to track the work remaining, if any

  • #issue

Specific Security-related subjects a reviewer should pay specific attention to

  • Does this PR introduce new endpoints?
    • new endpoint A
    • new endpoint B
  • Does this PR include changes in authentication and/or authorization of existing endpoints?
  • Does this change introduce new dependencies that need vetting?
  • Does this change require changes to our infrastructure?
  • Does logging contain sensitive data?
  • Does this PR include or remove any sensitive information itself?

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

  • What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
    • Spoofing (faking authenticity)
      • Threat T, which could be achieved by A, is mitigated by M
    • Tampering (influence or sabotage the integrity of information, data, or system)
    • Repudiation (the ability to dispute the origin or originator of an action)
    • Information disclosure (data made available to entities who should not have it)
    • Denial of service (make a resource unavailable)
    • Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
  • Have you ensured logging does not contain sensitive data?
  • Have you received any additional approvals needed for this change?

@snesm snesm added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 17, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 17, 2024
edited
Loading

Test Results

1 232 tests  ±0   1 228 ✅ ±0   7m 4s ⏱️ -26s
  162 suites ±0       4 💤 ±0 
  162 files   ±0       0 ❌ ±0 

Results for commit bf5a8b9. ± Comparison against base commit 26246ad.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 17, 2024
edited
Loading

Integration Test Results

 53 files   53 suites   27m 20s ⏱️
410 tests 401 ✅ 9 💤 0 ❌
413 runs  404 ✅ 9 💤 0 ❌

Results for commit bf5a8b9.

♻️ This comment has been updated with latest results.

@snesm snesm marked this pull request as ready for review July 17, 2024 18:50
@snesm snesm requested a review from a team as a code owner July 17, 2024 18:50
@snesm snesm marked this pull request as draft August 20, 2024 19:00
@snesm snesm changed the title Bump gradle from 8.8 to 8.9 Bump gradle from 8.8 to 8.10 Aug 20, 2024
@snesm snesm marked this pull request as ready for review August 20, 2024 19:25
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@snesm snesm changed the title Bump gradle from 8.8 to 8.10 Bump gradle from 8.8 to 8.10.2 Sep 25, 2024
mkalish
mkalish approved these changes Sep 27, 2024
View reviewed changes
Copy link
Collaborator

@mkalish mkalish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@snesm snesm enabled auto-merge (squash) September 27, 2024 14:54
@snesm snesm merged commit 351db90 into master Sep 27, 2024
22 checks passed
@snesm snesm deleted the snesm/gradle8.9 branch September 27, 2024 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkalish mkalish mkalish approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snesm @mkalish